Olle E. Johansson
> Has the purl specification been changed to allow open source projects that host their own software (like KDE, GNOME, and Linux), issue purl identifiers? Last I checked it did...
> > > Has the purl specification been changed to allow open source projects that host their own software (like KDE, GNOME, and Linux), issue purl identifiers? Last I checked...
I do agree. A project I'm involved with, kamailio.org, mainly distributes source code and tarballs - and can't set up a PURL for it. In addition we have our own...
The definition of a version is not very exact. If the kernel.org project sees every single commit as an atomic version, then it should be part of the PURL in...
Well, an extension to the CVE could have links to the fixed version. I do agree that we need to add commit references somehow. Not sure it's in scope for...
The OpenSSF TAC decided not to sponsor a project in this area. Are we ready to close this issue? Thank you for a good discussion!
I think the spec has to clarify - how to compare two PURLs (we need to check if there are generic rules for URI/URL comparison to base it on) If...
Do you mean source of product updates (like new version of software) or patches (code changes needed)? Since this is part of CycloneDX we just need to see how...
Ping @christophergates
Brilliant! I like having a linter and since we have markdown now, I think it's a good idea. I'll take a more detailed look later this weekend.